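/**
 * Write the configuration file.
 *
 * Validates the submitted configuration fields (via _installConfValidate()),
 * appends a "Database Configuration" section built from
 * $_SESSION['conf_fields'] to the contents of conf/sahana.conf.example,
 * creates the database when db_preference is 0, imports the initial data and
 * finally writes conf/sahana.conf. On validation or import failure the
 * configuration form is shown again through writeConfInit().
 *
 * @return void
 */
public function installConf()
{
    if (!$this->_installConfValidate()) {
        $this->writeConfInit();
        return;
    }

    $db_params = $_SESSION['conf_fields'];

    $conf_file_contents = file_get_contents($this->_appRoot . '/conf/sahana.conf.example');
    if ($conf_file_contents === false) {
        // Without the example file the generated config would hold nothing but
        // the database section; stop rather than write a partial file.
        add_error(_t("Could not read sahana.conf.example"));
        $this->writeConfInit();
        return;
    }

    // Each value is emitted through var_export() so it becomes a properly
    // escaped PHP string literal: a password containing a double quote,
    // backslash or dollar sign would otherwise break, or be interpreted
    // inside, the generated PHP file.
    $conf_file_contents .= "\n# Database Configuration\n";
    foreach (array('db_name', 'db_host', 'db_user', 'db_pass', 'db_port') as $key) {
        $value = isset($db_params[$key]) ? (string) $db_params[$key] : '';
        $conf_file_contents .= "\$conf['{$key}'] = " . var_export($value, true) . ";\n";
    }

    $isImportSuccess = false;
    if ($db_params['db_preference'] == 0) {
        // Preference 0: the database does not exist yet and is created first.
        if (shn_create_database($db_params)) {
            $isImportSuccess = $this->_importData($db_params);
        }
    } else {
        $isImportSuccess = $this->_importData($db_params);
    }

    if (!$isImportSuccess) {
        // The previous version appended an undefined variable
        // ($mysql_import_command) to this message.
        add_error(_t("Data import encountered an error: "));
        $this->writeConfInit();
        return;
    }

    add_confirmation(_t("Data import completed successfully."));

    // sahana.conf now contains the database password; its mode is inherited
    // from the process umask, so confirm the conf/ directory is not served or
    // world-readable.
    $written = file_put_contents($this->_appRoot . '/conf/sahana.conf', $conf_file_contents);
    if ($written === false) {
        add_error(_t("Failed to write sahana.conf"));
        return;
    }
    add_confirmation(_t("Wrote sahana.conf successfully."));
    echo _t('<p>Installation Complete. Now you can ') . '<a href="index.php">' . _t('go to the Vesuvius main page.') . '</a>';
}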
/**
 * The function that decides what to do and which page to view.
 *
 * Authorises the request through AccessController, then dispatches on
 * $getvars['vm_action']. Branches read further request fields from $getvars
 * (and in a few places from $_REQUEST, $_GET and $_FILES) and pass them to the
 * DAO and display helpers; input is only checked where a validate*Form() or
 * validateShiftTimes() call is visible in the branch.
 *
 * @param $getvars an associative array, representing the GET variables
 *                 from the URL
 * @return void
 */
function controlHandler($getvars)
{
    global $dao;
    //first authorize the user
    $ac = new AccessController($getvars);
    if (!$ac->isAuthorized()) {
        return;
    }
    //if authorized, move on to displaying the correct page
    switch ($getvars['vm_action']) {
        case 'process_add':
            global $dao;
            /*
             * First set up a Volunteer object to store all of the
             * POST data
             */
            // A logged-in user who is not yet a volunteer becomes the record
            // being created ($shn_user = true); otherwise an existing record is
            // loaded from p_uuid, or a fresh one is started.
            if ($_SESSION['logged_in'] && !$dao->isVolunteer($_SESSION['user_id'])) {
                $v = new Volunteer();
                $v->info['ids'] = array();
                $v->p_uuid = $_SESSION['user_id'];
                $shn_user = true;
            } else {
                if (isset($getvars['p_uuid'])) {
                    $v = new Volunteer($getvars['p_uuid']);
                    $shn_user = false;
                } else {
                    $v = new Volunteer();
                    $v->info['ids'] = array();
                    $shn_user = false;
                }
            }
            // NOTE(review): every field below is copied from the request before
            // validateAddForm() runs; save() only happens after that check, so
            // confirm neither the Volunteer constructor nor View::View() acts on
            // the unvalidated values.
            $v->info['full_name'] = $getvars['full_name'];
            $v->info['ids'][$getvars['id_type']] = trim($getvars['serial']);
            $v->info['gender'] = $getvars['gender'];
            $v->info['dob'] = $getvars['dob'];
            $v->info['date_start'] = $getvars['start_date'];
            $v->info['date_end'] = $getvars['end_date'];
            $v->info['hour_start'] = $getvars['hrs_avail_start'];
            $v->info['hour_end'] = $getvars['hrs_avail_end'];
            $v->info['occupation'] = $getvars['occupation'];
            $v->info['affiliation'] = $getvars['affiliation'];
            $v->info['special_needs'] = $getvars['special_needs'];
            $v->info['locations'] = array();
            shn_get_parents(shn_location_get_form_submit_loc(), $v->info['locations']);
            $v->info['contact'] = array();
            // put every input that begins with 'contact_' into the contact array
            foreach ($getvars as $key => $value) {
                if (substr($key, 0, strlen('contact_')) == 'contact_') {
                    $v->info['contact'][substr($key, strlen('contact_'))] = $value;
                }
            }
            $v->info['contact_prefer'] = $getvars['prefered_confirm_medium'];
            //add skills information
            // Skills are submitted as one checkbox per known skill id ("SKILL_<id>").
            $v_skills = array();
            $skill_ids = $dao->getSkillIDs();
            foreach ($skill_ids as $skill) {
                if ($getvars["SKILL_{$skill}"] == 'on') {
                    $v_skills[] = $skill;
                }
            }
            $v->info['skills'] = $v_skills;
            //add Sahana account information if necessary
            if ($getvars['reg_account'] == 'true') {
                $v->info['account_info'] = array('account_name' => $getvars['full_name'], 'user_name' => $getvars['user_name'], 'pass' => $getvars['pass1']);
                // NOTE(review): the record id is taken from the request here;
                // confirm the DAO/AccessController prevents attaching the new
                // account to an arbitrary existing p_uuid.
                $v->p_uuid = $getvars['existing_puuid'];
            }
            View::View($v);
            /*
             * Check to see if the POST data is valid and act accordingly
             */
            // $getvars is replaced with $_REQUEST + $_FILES as a side effect of the
            // call expression; the else-branch below reads the merged array.
            if ($this->validateAddForm($getvars = array_merge($_REQUEST, $_FILES))) {
                $v->save($shn_user);
                // picture
                $p = $_FILES['picture'];
                if (!empty($p['tmp_name'])) {
                    $pic = new VMPicture();
                    $pic->original = file_get_contents($p['tmp_name']);
                    $pic->name = $p['name'];
                    $pic->type = $p['type'];
                    $pic->size = $p['size'];
                    $pic->p_uuid = $v->p_uuid;
                    // resize() doubles as the image-validity check: a failure
                    // is reported and nothing is saved.
                    if ($pic->resize()) {
                        $pic->save();
                    } else {
                        add_error(_("The image file is invalid, or is not of a supported type."));
                    }
                }
                add_confirmation(_('Changes saved.'));
                //if we just created a Sahana account, direct the user to log in
                if (!$_SESSION['logged_in']) {
                    $this->displayPleaseLogin();
                } else {
                    $this->displayVolunteer($v->p_uuid);
                }
            } else {
                if (!empty($getvars['p_uuid'])) {
                    $this->addVolunteer(new Volunteer($getvars['p_uuid']));
                } else {
                    $this->addVolunteer();
                }
            }
            break;
        case 'display_add':
            View::View();
            if ($dao->isVolunteer($_SESSION['user_id'])) {
                //if this user is a volunteer already, display the edit form
                $this->addVolunteer(new Volunteer($_SESSION['user_id']));
            } else {
                //otherwise display the add form
                $this->addVolunteer();
            }
            break;
        case 'display_edit':
            View::View();
            $this->addVolunteer(new Volunteer($getvars['p_uuid']));
            break;
        case 'display_confirm_delete':
            View::View();
            $this->confirmDelete($getvars['p_uuid']);
            break;
        case 'display_change_pass':
            View::View();
            $this->changePass($_SESSION['user_id']);
            break;
        case 'process_change_pass':
            global $global;
            require_once $global['approot'] . 'inc/lib_security/lib_auth.inc';
            if ($this->validateChangePassForm($getvars = $_REQUEST)) {
                // NOTE(review): a `=== true` result from shn_change_password()
                // is handled as the failure case (mismatch error, form redisplayed)
                // and anything else as success. Confirm the helper's return
                // convention; if true means "changed", these branches are swapped.
                if (shn_change_password($getvars['p_uuid'], $getvars['cur_pass'], $getvars['pass1']) === true) {
                    add_error(SHN_ERR_VM_PASSWORD_NOT_MATCH);
                    $this->changePass($getvars['p_uuid']);
                } else {
                    add_confirmation(_("Your Password has been updated"));
                }
            } else {
                $this->changePass($getvars['p_uuid']);
            }
            break;
        case 'process_delete':
            $v = new Volunteer();
            $v->delete($getvars['p_uuid']);
            View::View();
            $this->displayConfirmation('The requested user was deleted.');
            $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
            $this->listVolunteers($dao->getVolunteers(), $extra_opts);
            break;
        case 'display_list_all':
            View::View();
            $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
            $this->listVolunteers($dao->getVolunteers(), $extra_opts);
            $this->showPagingNavigation("index.php?mod=vm&act=volunteer&vm_action=display_list_all");
            break;
        case 'display_list_assigned':
            View::View();
            $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
            $this->listVolunteers($dao->getVolunteers(null, VM_SHOW_ALL_VOLUNTEERS_ASSIGNED), $extra_opts);
            $this->showPagingNavigation("index.php?mod=vm&act=volunteer&vm_action=display_list_assigned");
            break;
        case 'display_mailbox':
            View::View(new Volunteer($_SESSION['user_id']));
            $this->displayMailbox($getvars['box']);
            break;
        case 'display_message':
            /*
             * Since we are passing $_SESSION['user_id'] as the p_uuid of the user here,
             * we can only view the message (i.e., the query will only succeed) if it belongs
             * to the current logged in user. Therefore, there is no need for extra access
             * control checks on displaying a message here.
             */
            View::View();
            $this->displayMessage($_SESSION['user_id'], $getvars['msg_id'], $getvars['box']);
            break;
        case 'process_delete_message':
            global $dao;
            // Third argument: true for inbox deletions, false for the outbox.
            $dao->deleteMessage($_SESSION['user_id'], $getvars['msg_id'], $getvars['box'] != 'outbox');
            //add_confirmation('_(Message has been deleted'));
            View::View(new Volunteer($_SESSION['user_id']));
            $this->displayMailbox($getvars['box']);
            break;
        case 'display_send_message':
            $this->displaySendMessageForm();
            break;
        case 'process_send_message':
            global $dao;
            if ($this->validateSendMessageForm($getvars = $_REQUEST)) {
                $message = stripslashes($getvars['message']);
                // NOTE(review): hand-escaping single quotes suggests the DAO builds
                // the INSERT by string interpolation; that is incomplete escaping
                // (backslashes, other quote styles) and the query should be
                // parameterised in sendMessage() instead — verify against the DAO.
                $message = strtr($message, array("'" => "\\'")); //have to escape any single quotes otherwise querying won't work
                $dao->sendMessage($_SESSION['user_id'], $getvars['to'], $message);
                add_confirmation(_("Message Sent"));
            } else {
                // Rebuild the recipient list so the form can be shown again pre-filled.
                $to_list = array();
                $to = $getvars['to'];
                if (isset($to)) {
                    foreach ($to as $person) {
                        $to_list[$person] = $dao->getPersonName($person);
                    }
                }
                $this->displaySendMessageForm($to_list);
            }
            break;
        case 'display_search':
            $advanced = $getvars['advanced'] == 'true';
            $this->openSearchForm();
            $this->displaySearchForm($advanced);
            break;
        case 'process_search':
            global $dao, $global;
            include_once $global['approot'] . 'mod/vm/lib/vm_validate.inc';
            View::View();
            //print_r($getvars);
            $vol_name = $getvars['vol_name']; //name to search by
            $vol_id = $getvars['vol_iden']; //Identification number to search by
            $loose = false;
            $soundslike = false;
            $start_date = $getvars['start_date']; //availability start
            $end_date = $getvars['end_date']; //availability end
            $skills_matching = $getvars['skills_matching'] == 'and_skills' ? VM_SKILLS_ALL : VM_SKILLS_ANY; //search for all or any of the skills present
            $unassigned = $getvars['unassigned'] == 'true'; //true to search for only unassigned volunteers
            $assigning = $getvars['assigning']; //true if we are using the search to assign volunteers
            $advanced = $getvars['advanced'] == 'true'; //true if we are using an advanced search
            $just_assigned_vol = $getvars['p_uuid'] != '' && $assigning; //true if we just assigned a volunteer to a project (nice to know if no results are found to not display an error)
            $date_constraint = $getvars['date_constraint'] == 'full_date'; //true if we must check for availability for the entire date range specified, false to check for any portion of the data range
            $positions = $getvars['positions'];
            if ($assigning) {
                $assigning_proj = $getvars['proj_id'];
            } else {
                $assigning_proj = null;
            }
            $location = '';
            if (shn_vm_location_selected()) {
                $location = shn_location_get_form_submit_loc();
            }
            // Same "SKILL_<id>" checkbox convention as process_add.
            $skills = array();
            $skill_ids = $dao->getSkillIDs();
            foreach ($skill_ids as $sk) {
                if ($getvars["SKILL_{$sk}"] == 'on') {
                    $skills[] = $sk;
                }
            }
            //if we're not using the search results to do assigning, open the form here so that all of our paging navigation
            //will also be part of the form
            if (!$assigning) {
                $this->openSearchForm();
            }
            //Validate the fields
            if ($this->validateSearchForm($getvars)) {
                //get the search results and display them
                $results = $dao->getVolSearchResults($vol_id, $vol_name, $skills, $skills_matching, $start_date, $end_date, $location, $date_constraint, $unassigned, $loose, $soundslike, $assigning_proj);
                $this->displaySearchResults($results, $assigning, $assigning_proj, $advanced, $just_assigned_vol, $positions);
            }
            if (!$assigning) {
                $this->displaySearchForm($advanced, false);
            } else {
                $this->displaySearchForm(true, true);
            }
            break;
        case 'display_single':
            $v = new Volunteer($getvars['p_uuid']);
            View::View($v);
            $this->displayVolunteer($getvars['p_uuid']);
            break;
        case 'process_remove_picture':
            // NOTE(review): the picture id is read from $_GET directly rather than
            // $getvars, and no ownership check is visible in this branch; confirm
            // AccessController or the DAO restricts which picture may be removed.
            $dao->deletePicture($dao->getPictureID($_GET['id']));
            View::View();
            if (empty($getvars['p_uuid'])) {
                $this->addVolunteer();
            } else {
                $this->addVolunteer(new Volunteer($getvars['p_uuid']));
            }
            break;
        case 'display_portal':
            View::View(new Volunteer($_SESSION['user_id']));
            $this->displayPortal();
            break;
        case 'display_report_all':
            View::View();
            $this->displayVolunteerReport($dao->getVolunteersForReport());
            break;
        case 'display_custom_report_select_for_mgrs':
            $this->displayCustomReportFilterForMgrs($dao->listProjects($_SESSION['user_id'], true, true));
            break;
        case 'display_custom_report_select':
            View::View();
            // Prepend the "(all)" choices; array union keeps the sentinel keys first.
            $projects = array('ALL_PROJECTS' => '(all)') + $dao->listProjects(null, false, true);
            $orgs = array('ALL_ORGS' => '(all)') + $dao->getOrganizations(true);
            $this->displayCustomReportFilter($projects, $orgs, $dao->getVolunteerNames(true));
            break;
        case 'display_custom_report':
            View::View();
            $extra_opts = array();
            $proj_id = null;
            $org_id = null;
            $vols = array();
            if (isset($getvars['proj_id']) && $getvars['proj_id'] != 'ALL_PROJECTS') {
                $proj_id = $getvars['proj_id'];
                $extra_opts['reportProjName'] = $dao->getProjectName($proj_id);
            }
            if (isset($getvars['org_id']) && $getvars['org_id'] != 'ALL_ORGS') {
                $org_id = $getvars['org_id'];
                $temp = $dao->getOrganizationInfo($org_id);
                $extra_opts['reportOrgName'] = $temp['name'];
            }
            if (!empty($getvars['vols']) && is_array($getvars['vols'])) {
                $extra_opts['reportingSpecificVolunteers'] = true;
                $vols = $getvars['vols'];
            }
            $this->displayVolunteerReport($dao->getVolunteersForReport($proj_id, $org_id, $vols), $extra_opts);
            break;
        case 'display_modify_skills':
            $this->displayModifySkills();
            break;
        case 'process_add_skill':
            global $global;
            require_once $global['approot'] . 'mod/vm/lib/vm_validate.inc';
            if (empty($getvars['skill_desc']) || empty($getvars['skill_code'])) {
                add_error(_('Please specify both a skill description and skill code'));
            } else {
                //validate skill code length
                if (strlen(trim($getvars['skill_code'])) < 4 || strlen(trim($getvars['skill_code'])) > 5) {
                    add_error(_('Skill code should be 4 - 5 letters'));
                } else {
                    // Normalise the description: collapse spaces around the
                    // delimiter to "-" and strip leading/trailing spaces.
                    $find = array("/ *" . VM_SKILLS_DELIMETER . " */", "/^ +/", "/ +\$/");
                    $replace = array("-", '', '');
                    $description = preg_replace($find, $replace, $getvars['skill_desc']);
                    if (!$dao->addSkill($getvars['skill_code'], $description)) {
                        add_error(_('The specified skill code already exists. Please choose another'));
                    } else {
                        // NOTE(review): $description is user input placed in the
                        // confirmation text; confirm add_confirmation() HTML-escapes
                        // its argument, otherwise this is an output-encoding gap.
                        add_confirmation("Skill '{$description}' added");
                        unset($_POST);
                    }
                }
            }
            $this->displayModifySkills();
            break;
        case 'process_remove_skill':
            if (!empty($_REQUEST['skills'])) {
                foreach ($_REQUEST['skills'] as $code) {
                    $dao->removeSkill($code);
                    // NOTE(review): same output-encoding question as process_add_skill.
                    add_confirmation("Deleted {$code}");
                }
            }
            $this->displayModifySkills();
            break;
        case 'display_approval_management':
            //currently only site manager approval is allowed, later credential approval will be added
            $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
            break;
        case 'process_approval_modifications':
            //currently only site manager approval is allowed, later credential approval will be added
            $dao->updateAbilityStatus($getvars['vol_id'], 'MGR', isset($getvars['approve']));
            add_confirmation(_('Approval information has been updated'));
            $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
            break;
        case 'process_approval_upgrades':
            //currently only site manager approval is allowed, later credential approval will be added
            $dao->updateAbilityStatus($getvars['vol_id'], 'MGR', true);
            add_confirmation(_('Approval information has been updated'));
            $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
            break;
        case 'process_log_time':
            // Shift end is either an explicit date/time or start + numHours.
            $start = strtotime($getvars['startDate'] . ' ' . $getvars['startTime']);
            if (empty($getvars['numHours'])) {
                $end = strtotime($getvars['endDate'] . ' ' . $getvars['endTime']);
            } else {
                $end = $start + $getvars['numHours'] * 60 * 60;
            }
            // validateShiftTimes() returns VM_OK or an error description.
            if (($e = validateShiftTimes($start, $end)) === VM_OK) {
                if ($dao->logShift($getvars['p_uuid'], $getvars['pos_id'], $start, $end)) {
                    $this->displayConfirmation('Your time was logged successfully.');
                    $v = new Volunteer($getvars['p_uuid']);
                    View::View($v);
                    $this->displayVolunteer($getvars['p_uuid']);
                } else {
                    add_error(_("There was a problem logging your time. Please go back and try again."));
                }
            } else {
                add_error(_("Error logging time:") . $e);
                $this->showLogTime($getvars['p_uuid'], $getvars['pos_id']);
            }
            break;
        case 'review_hours':
            if (empty($getvars['proj_id'])) {
                $this->displaySelectReviewHours();
            } else {
                $this->displayReviewHours($getvars['proj_id']);
            }
            break;
        case 'process_review_hours':
            // NOTE(review): uses $this->dao whereas every other branch uses the
            // global $dao; confirm the instance property exists on this controller.
            $this->dao->reviewShift($getvars['shift_id'], $getvars['status']);
            $this->displayReviewHours($getvars['p_uuid'], $getvars['pos_id']);
            break;
        default:
            if ($_SESSION['logged_in']) {
                View::View(new Volunteer($_SESSION['user_id']));
                $this->displayPortal();
            }
    }
}
/**
 * Handles control for all administrative functions.
 *
 * Authorises the request through AccessController, renders the admin menu and
 * dispatches on $getvars['vm_action']: ACL display/modification, phonetics
 * update, template-cache clearing and the ACL audit that scans the controller
 * sources for `case` labels.
 *
 * @param $getvars associative array of request parameters
 * @return void
 */
public function controlHandler($getvars)
{
    //first authorize the user
    $ac = new AccessController($getvars);
    if (!$ac->isAuthorized()) {
        return;
    }
    View::View();
    $this->displayAdminHMenu();
    global $dao;
    switch ($getvars['vm_action']) {
        case 'display_acl_situations':
            $this->displayAdminACL($dao->getAccessRequestsForDisplay());
            break;
        case 'display_acl_modify':
            if (empty($getvars['request'])) {
                add_error(SHN_ERR_VM_NO_REQUEST);
                $this->displayAdminACL($dao->getAccessRequestsForDisplay());
            } else {
                // The request identifier is "<act>&<vm_action>".
                // NOTE(review): $split[1] is undefined when the value has no '&';
                // a count check before using it would avoid the notice.
                $split = preg_split("/&/", $getvars['request']);
                $act = $split[0];
                $vm_action = $split[1];
                $this->displayAdminACLModify($act, $vm_action, $dao->getAccessRequestDescription($act, $vm_action), $dao->getSpecificAccessRequestConstraints($act, $vm_action), $dao->getPossibleAccessConstraints(), $dao->getDBTables());
            }
            break;
        case 'process_update_phonetics':
            $dao->updatePhonetics();
            add_confirmation(_('The Search Registry has been updated.'));
            $this->displayDefaultAdminPage();
            break;
        case 'process_acl_modifications':
            // All constraints for the act/vm_action pair are dropped and rebuilt
            // from the submitted checkboxes.
            $dao->removeConstraints($getvars['acl_act'], $getvars['acl_vm_action']);
            //first update the special constraints
            $possible_constraints = $dao->getPossibleAccessConstraints();
            foreach ($possible_constraints as $code => $description) {
                // Unchecked boxes are absent from the request (undefined-index notice).
                if ($getvars["constraint_{$code}_req"] == 'on') {
                    $dao->addConstraint($getvars['acl_act'], $getvars['acl_vm_action'], $code);
                }
            }
            //now update the data classification constraints
            // Checkbox names are "table_<name>_req_<c|r|u|d>"; the per-table
            // letters are assembled into a string that always keeps c,r,u,d order.
            $tables = array();
            foreach ($getvars as $name => $value) {
                $matches = array();
                if ($value == 'on' && preg_match("/table_(\\w+|_)_req_(\\w)/", $name, $matches)) {
                    //arrange the permissions into the 'crud' format
                    $table_name = $matches[1];
                    $permission = $matches[2];
                    if (!isset($tables[$table_name])) {
                        $tables[$table_name] = $permission;
                    } else {
                        $current_permissions = $tables[$table_name];
                        if ($permission == 'c') {
                            $tables[$table_name] = 'c' . $current_permissions;
                        } else {
                            if ($permission == 'r') {
                                if (substr_count($tables[$table_name], 'c') > 0) {
                                    $tables[$table_name] = 'cr' . substr($current_permissions, 1);
                                } else {
                                    $tables[$table_name] = 'r' . $current_permissions;
                                }
                            } else {
                                if ($permission == 'u') {
                                    if (substr_count($tables[$table_name], 'd') > 0) {
                                        $tables[$table_name] = substr($current_permissions, 0, strlen($current_permissions) - 1) . 'ud';
                                    } else {
                                        $tables[$table_name] = $current_permissions . 'u';
                                    }
                                } else {
                                    //($permission == 'd')
                                    $tables[$table_name] = $current_permissions . 'd';
                                }
                            }
                        }
                    }
                }
            }
            $dao->updateClassificationConstraints($getvars['acl_act'], $getvars['acl_vm_action'], $tables);
            add_confirmation(_('Access control modifications have been saved'));
            $this->displayAdminACL($dao->getAccessRequestsForDisplay());
            break;
        case 'process_clear_cache':
            $this->engine->clear_cache();
            add_confirmation(_('Template cache has been cleared'));
            $this->displayDefaultAdminPage();
            break;
        case 'process_audit_acl':
            global $global;
            //first process any changes if necessary
            if ($getvars['process_action'] != '') {
                if ($getvars['process_action'] == 'add_request') {
                    $dao->addAccessRequest($getvars['request_act'], $getvars['request_vm_action'], $getvars['request_desc']);
                } else {
                    if ($getvars['process_action'] == 'remove_request') {
                        $dao->removeAccessRequest($getvars['request_act'], $getvars['request_vm_action']);
                    } else {
                        // Any other process_action value is treated as a table classification.
                        $dao->classifyTable($getvars['table_to_classify'], $getvars['classification_level']);
                    }
                }
                add_confirmation(_('ACL settings have been updated.'));
            }
            $path = $global['approot'] . 'mod/vm/controller/';
            //an array for all controller files to test with each key being the 'act' URL parameter associated with it
            $files = array('adm_default' => 'AdminController.php', 'project' => 'ProjectController.php', 'volunteer' => 'VolunteerController.php');
            //an array to store all act and vm_action combinations that are not in the database
            $bad_requests = array();
            $current_requests = $dao->getAccessRequests();
            foreach ($files as $act => $file_name) {
                // NOTE(review): fopen()/filesize() results are not checked; a
                // missing or unreadable controller file fails at fread().
                $handle = fopen($path . $file_name, 'r');
                $contents = fread($handle, filesize($path . $file_name));
                //temporary, should restrict results to within controlHandler() function
                preg_match_all("/case\\s+('|\")(\\w+)('|\")\\s*?:/", $contents, $cases);
                // Every case label found in the source must have a matching
                // access request; whatever remains in $current_requests afterwards
                // is a request with no handler.
                foreach ($cases[2] as $vm_action) {
                    if (isset($current_requests[$act])) {
                        if (isset($current_requests[$act][$vm_action])) {
                            unset($current_requests[$act][$vm_action]);
                        } else {
                            $bad_requests[] = array('act' => $act, 'vm_action' => $vm_action);
                        }
                    } else {
                        $bad_requests[] = array('act' => $act, 'vm_action' => $vm_action);
                    }
                }
                //ignore default cases that aren't referenced because they will get picked up by the controller's default action
                unset($current_requests[$act]['default']);
                if (empty($current_requests[$act])) {
                    unset($current_requests[$act]);
                }
                fclose($handle);
            }
            //now look for any unclassified tables/views
            $tables = $dao->getDBTables();
            $unclassified_tables = array();
            foreach ($tables as $table) {
                if (substr($table, 0, 3) == 'vm_') {
                    if (!$dao->isClassified($table)) {
                        $unclassified_tables[] = $table;
                    }
                }
            }
            //display the information
            $this->displayACLAudit($bad_requests, $current_requests, $unclassified_tables, $dao->getDataClassificationLevels());
            break;
        default:
            $this->displayDefaultAdminPage();
            break;
    }
}
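/**
 * Write the generated content in to the .htaccess file.
 *
 * The target is $this->_appRoot joined with self::HTACCESS_FILE_RELATIVE_PATH;
 * the file is created or truncated. Outcome is reported through
 * add_confirmation()/add_error(); nothing is thrown or returned.
 *
 * @param String $fileContent The content for the file.
 * @return void
 */
private function _writeToHtaccessFile($fileContent)
{
    $htaccessPath = $this->_appRoot . self::HTACCESS_FILE_RELATIVE_PATH;
    $htaccessFile = fopen($htaccessPath, 'w+');
    // fopen() returns false when the directory is not writable; the previous
    // version passed that false straight on to fwrite()/fclose().
    if ($htaccessFile === false) {
        add_error(_t("Failed to write .htaccess file"));
        return;
    }
    // fwrite() returns the byte count (0 for empty content) or false, so test
    // against false and against the expected length instead of truthiness.
    $written = fwrite($htaccessFile, $fileContent);
    fclose($htaccessFile);
    if ($written === false || $written !== strlen($fileContent)) {
        add_error(_t("Failed to write .htaccess file"));
        return;
    }
    add_confirmation(_t("Successfully wrote .htaccess file. Please ensure that Apache mod_rewrite is enabled."));
}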
/**
 * Front controller: resolves the module/action function for the current
 * request, loads the stream library and module file, applies the ACL checks
 * and invokes the function between shn_stream_init() and shn_stream_close().
 *
 * Reads $global['module'], $global['action'] and $_REQUEST['wsdl'],
 * ['register'], ['stream']; writes $global['effective_module'],
 * $global['effective_action'] and $global['exception_list'].
 *
 * @return void
 */
function shn_main_front_controller()
{
    global $global;
    global $conf;
    $action = $global['action'];
    $module = $global['module'];
    // check if we should enable database logging....
    if (isset($conf['enable_monitor_sql']) && $conf['enable_monitor_sql'] == true) {
        $global['db']->LogSQL();
    }
    // are we streaming PLUS SOAP Services?
    if (isset($_REQUEST['wsdl'])) {
        shn_main_plus_server();
        exit();
    }
    // is the user confirming an account registration?
    if (isset($_REQUEST['register'])) {
        shn_main_plus_register();
        exit();
    }
    // are we straming anything else?
    // $stream keeps a leading "_" so it can be spliced into file and function names.
    if (isset($_REQUEST['stream'])) {
        $stream = "_" . $_REQUEST['stream'];
    } else {
        $stream = null;
    }
    // check if the appropriate stream library exists
    // NOTE(review): $_REQUEST['stream'] is concatenated into the include path
    // unfiltered; file_exists() only proves the resulting path exists, it does
    // not confine it to inc/lib_stream*. Restricting the value to an allow-list
    // of known stream names (or to [A-Za-z0-9_]) would close that off.
    if (array_key_exists('stream', $_REQUEST) && file_exists($global['approot'] . '/inc/lib_stream' . $stream . '.inc')) {
        require_once($global['approot'] . '/inc/lib_stream' . $stream . '.inc');
        // else revert to the html stream
    } else {
        if (array_key_exists('stream', $_REQUEST)) {
            add_error(_t('The stream requested is not valid.'));
        }
        require_once($global['approot'] . "/inc/lib_stream_html.inc");
        $stream = null;
    }
    // Redirect the module based on the action performed
    // redirect admin functions through the admin module
    if (preg_match('/^adm/', $action)) {
        $global['effective_module'] = $module = 'admin';
        $global['effective_action'] = $action = 'modadmin';
    }
    // fixes the security vulnerability associated with null characters in the $module string
    // NOTE(review): only NUL bytes are removed here; whether $module is otherwise
    // restricted to a known module name depends on where $global['module'] is
    // set — confirm there, since the value builds the mod/<module>/ include paths.
    $module = str_replace("\0", "", $module);
    // load stream file if exists...
    $module_stream_file = $global['approot'] . 'mod/' . $module . '/stream.inc';
    if (file_exists($module_stream_file)) {
        include_once($module_stream_file);
    }
    // identify the correct module file based on action and module
    $module_file = $global['approot'] . 'mod/' . $module . '/main.inc';
    // check if module exists (modules main.inc)
    if (file_exists($module_file)) {
        include_once($module_file);
    } else {
        // default to the home page if the module main does not exist
        add_error(_t('The requested module is not installed in Vesuvius'));
        $module = 'home';
        $action = 'default';
        include_once($global['approot'] . 'mod/home/main.inc');
    }
    // identify the name of the module function based on the action, stream and module
    // Naming convention: shn[_<stream>]_<module>_<action>, e.g. shn_home_default.
    $module_function = 'shn' . $stream . '_' . $module . '_' . $action;
    // if function does not exist re-direct
    if (!function_exists($module_function)) {
        // try to see if there is a generic Xstream function instead
        $module_function = 'shn_XST_' . $module . '_' . $action;
        if (!function_exists($module_function)) {
            // display the error on the relevant stream
            if ($stream == null) {
                add_error(_t('The action requested is not available'));
                $module_function = 'shn_' . $module . '_default';
            } else {
                // if this does not exist display the error in the html homepage
                add_error(_t('This action does not support the stream type.'));
                $module_function = "display_errors"; // just display the errors
            }
        }
    }
    // list of exceptions generated by calling the function.
    $global['exception_list'] = array();
    // initialize stream based on selected steam POST value this includes the inclusion of various sections in XHTML including the HTTP header,content header, menubar, login
    shn_stream_init();
    if ($stream == null) {
        // Self-signup / login-form actions are allowed without an ACL check when
        // signup is enabled.
        // NOTE(review): `$global['module'] = 'pref'` is an assignment, not a
        // comparison: it evaluates to the truthy string 'pref' and overwrites
        // $global['module']. As written, any module whose action is named
        // signup/signup2/forgotPassword/loginForm takes this branch and skips the
        // allowed-module check below; confirm `==` was intended.
        if ((($global['action'] == 'signup2') || ($global['action'] == 'signup') || ($global['action'] == 'forgotPassword') || ($global['action'] == 'loginForm')) && ($global['module'] = 'pref')) {
            if (shn_acl_is_signup_enabled()) {
                $module_function();
            }
        } else {
            // if not a self-signup action
            $allowed_mods = shn_get_allowed_mods_current_user();
            // check if requested module is within users allowed modules
            $res = array_search($module, $allowed_mods, false);
            if (false !== $res) {
                if (shn_acl_check_perms($module, $module_function) == ALLOWED) {
                    // check if the user just logged in.... request_time = session expiry, if so, great them! :)
                    // NOTE(review): mysql_real_escape_string() belongs to ext/mysql,
                    // which was removed in PHP 7; if the DB layer no longer uses that
                    // extension this call is undefined. The value is an integer
                    // timestamp, so escaping is not the concern here.
                    $q = " SELECT count(*) FROM sessions WHERE expiry = '" . mysql_real_escape_string($_SERVER['REQUEST_TIME']) . "'; ";
                    $result = $global['db']->Execute($q);
                    //if($result === false) { daoErrorLog(__FILE__, __LINE__, __METHOD__, __CLASS__, __FUNCTION__, $global['db']->ErrorMsg(), "getEventListUser 1"); }
                    if ($result->fields["count(*)"] == '1') {
                        add_confirmation("Login successful");
                    }
                    $module_function();
                } else {
                    shn_error_display_restricted_access();
                }
            } else {
                shn_error_display_restricted_access();
            }
        }
    } else {
        // if the steam is not HTML
        $allowed_mods = shn_get_allowed_mods_current_user();
        // check if requested module is within users allowed modules
        $res = array_search($module, $allowed_mods, false);
        // hack for messaging module receive function
        // NOTE(review): this line assigns to $stream and $action (a bitwise `&`
        // between two assignments) instead of comparing them, so its value does
        // not depend on the request and $res appears to always become true — the
        // allowed-module check below is then never reached for non-HTML streams.
        // The intended test is presumably `$stream == '_text' && $action == 'receive_message'`.
        $res = ($stream = 'text' & $action = 'receive_message') ? true : $res;
        if (false !== $res) {
            if (shn_acl_check_perms($module, $module_function) == ALLOWED) {
                $module_function();
            } else {
                add_error(shn_error_get_restricted_access_message());
            }
        } else {
            add_error(shn_error_get_restricted_access_message());
        }
    }
    // close up the stream. In HTML send the footer
    shn_stream_close();
}
/**
 * The function that decides what to do and which page to view.
 *
 * Authorises the request through AccessController, then dispatches on
 * vm_action (falling back to the older 'action' parameter). Project, position
 * and closure-report branches read their ids straight from $getvars; the only
 * ownership check visible in this method is isSiteManagerForProject() on
 * display_closure_edit, the rest rely on AccessController.
 *
 * @param $getvars an associative array, representing the GET variables
 *                 from the URL
 * @return void
 */
function controlHandler($getvars)
{
    global $dao, $global;
    include_once $global['approot'] . 'inc/lib_location.inc';
    //first authorize the user
    $ac = new AccessController($getvars);
    if (!$ac->isAuthorized()) {
        return;
    }
    // temporary, to support older 'action' instead of 'vm_action'
    $vm_action = $getvars['vm_action'] ? $getvars['vm_action'] : $getvars['action'];
    switch ($vm_action) {
        case 'display_single':
            $p = new Project($getvars['proj_id']);
            $this->displayProject($p);
            break;
        case 'display_add':
            $this->addProject();
            break;
        case 'display_edit':
            $this->addProject(new Project($getvars['proj_id']));
            break;
        case 'display_closure_edit':
            if ($dao->isSiteManagerForProject($_SESSION['user_id'], $getvars['proj_id'])) {
                if (!empty($_POST)) {
                    $dao->saveClosureReport($getvars['proj_id'], $_POST);
                    $this->displayConfirmation(_('Changes Saved.'));
                    // NOTE(review): $getvars['proj_id'] is written into an inline
                    // <script> without any escaping — a reflected-XSS sink. Encode it
                    // for the JS string and the HTML context (e.g. json_encode()
                    // then htmlspecialchars()), or redirect with a Location header.
                    echo '<script type="text/javascript">';
                    echo 'setTimeout(\'location.href="?mod=vm&act=project&vm_action=display_closure_report&proj_id=' . $getvars['proj_id'] . '"\',1500);';
                    echo '</script>';
                } else {
                    $this->editClosure($getvars['proj_id']);
                }
            }
            break;
        case 'display_closure_report':
            $this->viewClosure($getvars['proj_id']);
            break;
        case 'display_closure_reports':
            $this->listClosureReports();
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=display_closure_reports");
            break;
        case 'process_add':
            // Fields are copied from the request first; save() only runs after
            // validateAddForm() passes.
            $p = new Project($getvars['proj_id']);
            $p->info['name'] = $getvars['name'];
            $p->info['description'] = $getvars['description'];
            $p->info['start_date'] = $getvars['start_date'];
            $p->info['end_date'] = $getvars['end_date'];
            $p->info['mgr_id'] = $getvars['manager'];
            $p->info['locations'] = array();
            shn_get_parents(shn_location_get_form_submit_loc(), $p->info['locations']);
            if ($this->validateAddForm($getvars)) {
                $p->save();
                $this->displayConfirmation(_('Changes Saved.'));
                $this->displayProject($p);
            } else {
                $this->addProject();
            }
            break;
        case 'process_delete':
            $p = new Project();
            $p->delete($getvars['proj_id']);
            View::View();
            $this->displayConfirmation('The requested Project was deleted.');
            $this->listProjects();
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=default");
            break;
        case 'display_confirm_delete':
            View::View();
            $this->confirmDelete($getvars['proj_id']);
            break;
        case 'display_select_project':
            View::View();
            // A site manager without read/update rights on vm_proj_vol only sees
            // their own projects.
            if ($dao->isSiteManager($_SESSION['user_id']) && !$ac->dataAccessIsAuthorized(array('vm_proj_vol' => 'ru'), false)) {
                $projects = $dao->listProjects($_SESSION['user_id'], true);
            } else {
                $projects = $dao->listProjects();
            }
            $this->displaySelectProjectForAssignmentForm($projects);
            break;
        case 'display_assign':
            View::View();
            if ($getvars['proj_id'] == '') {
                add_error(SHN_ERR_VM_NO_PROJECT);
                //if the user is just a site manager who got here due to overriding access control, only display his projects, otherwise display all
                if ($dao->isSiteManager($_SESSION['user_id']) && !$ac->dataAccessIsAuthorized(array('vm_vol_position' => 'ru'), false)) {
                    $projects = $dao->listProjects($_SESSION['user_id'], true);
                } else {
                    $projects = $dao->listProjects();
                }
                $this->displaySelectProjectForAssignmentForm($projects);
            } else {
                // The chosen position is submitted under "pos_id_<p_uuid>".
                if ($this->validateAssignForm($getvars)) {
                    $p_uuid = $this->getAssigningVolId($getvars);
                    $dao->assignVolunteerToPosition($p_uuid, $getvars['pos_id_' . $p_uuid]);
                    add_confirmation(_('Volunteer has been successfully assigned'));
                }
                $p = new Project($getvars['proj_id']);
                $this->assignVol($getvars['proj_id'], $p->positions);
            }
            break;
        case 'process_remove_from_project':
            $dao->deleteFromProject($getvars['p_uuid'], $getvars['proj_id']);
            $p = new Project($getvars['proj_id']);
            $this->displayProject($p);
            break;
        case 'display_my_list':
            $this->listProjects($_SESSION['user_id']);
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=display_my_list");
            break;
        case 'display_coming_list':
            echo _('The items listed below are projects that will start from today or after today.');
            echo '<div align="right"><a href="?mod=vm&act=project">' . _('View all projects') . '</a></div>';
            $this->listComingProjects();
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=display_coming_list");
            break;
        case 'process_add_position':
            // An existing pos_id means edit; otherwise a new Position is created.
            if ($getvars['pos_id'] != null) {
                $p = new Position($getvars['pos_id']);
            } else {
                $p = new Position();
            }
            $p->proj_id = $getvars['proj_id'];
            $p->ptype_id = $getvars['ptype_id'];
            $p->description = $getvars['description'];
            $p->title = $getvars['title'];
            $p->numSlots = $getvars['numSlots'];
            $p->payrate = $getvars['payrate'];
            if ($this->validateAddPosition($getvars)) {
                $dao->savePosition($p);
                //$this->displayConfirmation("Position assignment has been added to {$p->position_title}");
                // Re-enter the handler (including its authorisation step) to show the project.
                $this->controlHandler(array('vm_action' => 'display_single', 'proj_id' => $p->proj_id));
            } else {
                $this->addPosition($p);
            }
            break;
        case 'add_position':
            //this case only displays the form to add/edit a position
            if ($getvars['pos_id']) {
                $p = new Position($getvars['pos_id']);
            } else {
                $p = new Position();
            }
            if (isset($getvars['proj_id'])) {
                $p->proj_id = $getvars['proj_id'];
            }
            $this->addPosition($p);
            break;
        case 'remove_position':
            $dao->removePosition($getvars['pos_id']);
            $this->controlHandler(array('vm_action' => 'display_single', 'proj_id' => $getvars['proj_id']));
            break;
        default:
            echo '<div align="right"><a href="?mod=vm&act=project&vm_action=display_coming_list">' . _('View coming projects') . '</a></div>';
            $this->listProjects();
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=default");
            break;
    }
}